A web application firewall inspects requests and filters those that are deemed malicious. In comparison, Client Reputation focuses on the source of the request, and determines the extent to which that source has sent malicious requests in the past. Register today for this upcoming webcast to find out more!

SC Magazine's SC Congress returns to London on 3 March, 2015 with an all new programme! Here is your chance to catch a full day of hard-hitting information security news and solutions from leaders in their industries that you can implement for your company.

As employees increasingly have mobile access to the corporate network this webcast will discuss the steps organisations can take to minimise risk among their workforce and detail what a mobile device management policy should look like and how to enforce it. Register today for this SC editorial webcast!

IT staff admit having access to sensitive information without board level knowledge

Almost half of IT staff are able to gain unauthorised access to their organisation's most sensitive information.

According to a survey of 500 IT professionals by Lieberman Software, 42 per cent are able to access a company's most sensitive information, including the CEO's private documents.

Fifteen per cent of UK IT professionals, compared with just nine per cent of US IT professionals, admitted that they would use their admin rights to snoop around the network in an effort to sneak a peak at sensitive data to try and find out if their job, or a colleague's job, was at risk.

Also, 39 per cent revealed that senior management does not know what IT can and cannot access, as 78 per cent said that they could walk out the office tomorrow with highly sensitive information. A third of respondents revealed that they would still be able to access sensitive information long after leaving the company.

Philip Lieberman, president and CEO of Lieberman Software, said: “Companies should wake up to the fact that IT holds the keys to the kingdom. Nothing is secret or private unless you establish systems and procedures to lock down data from prying eyes and according to our study, most organisations don't.

“In the good old days the most sensitive data was locked away in a filing cabinet with just one or two trusted key holders. Today, it's locked away in a virtual filing cabinet, but the problem is most companies have no idea just how many people have keys to this cabinet.

“What's clear from this survey is that management just doesn't understand the privileges their IT staff have to the most sensitive data. Even the bosses' documents can be read by 42 per cent of IT personnel and if these guys can't be trusted, directors shouldn't be surprised when their data gets leaked or exploited.”

Another survey of 3,484 employees in the United States, Great Britain and Australia found that 48 per cent of British employees who have access to their employer's or client's private data said that they would feel comfortable doing something with that data, regardless if that access was intentional or accidental.

Jackie Gilbert, vice president of marketing and co-founder of SailPoint that conducted that survey, said that organisations should be very concerned about the number of employees that openly admitted to misusing proprietary data.

“These results show that insider threats represent a significant risk to the business. Some of the biggest and most costly data breaches have been directly tied to company employees,” she said.

“Having a written policy is not enough to ensure data security. Organisations need to have automated controls in place to monitor and manage user access controls in order to minimise the risk of insider theft or sabotage.”

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.